As reliance on computers and wireless devices has increased, so has the concern for the computer security. The threat of hackers breaking into computer systems or eavesdropping on communications has prompted many corporations and individuals to implement security strategies. Some of these strategies include encrypting data communication using Secure Socket Layer (SSL) protocol and signing digital documents with digital signatures. The aforementioned security mechanisms require encryption keys (i.e., public and private encryption keys) as well as certificates to authenticate the encryption keys.
Conventionally, two forms of encryption exist: symmetric encryption and asymmetric encryption. Symmetric encryption algorithms use only one private key. With this private key, a sender can encrypt a message and a recipient can decrypt the message, but the security of the private key becomes problematic. Asymmetric encryption algorithms include the use of two keys: one public key (known publicly to the world) and one private key (known only to the owner). Asymmetric encryption algorithms are used for both privacy as well as ensuring the sender's authentication (i.e., using a digital signature of the sender). Specifically, data encrypted with a sender's private key can only be decrypted by the sender's public key, guaranteeing that the sender is who the sender claims to be (i.e., authenticating the sender so that another user or machine cannot impersonate the sender) and that the data was not modified while being transmitted over the network. In addition, data encrypted with the receiver's public key can only be decrypted by the receiver's private key, guaranteeing that only the intended recipient will be able to read the data (i.e., ensuring privacy).
Encryption of data exchanged in wireless networks is typically performed using many different types of wireless encryption schemes that employ symmetric encryption or variations of symmetric encryption, such as Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and WPA-PSK (i.e., pre-shared key mode). WEP employs the notion of a single shared secret key among nodes of a wireless network. In WEP, a sender uses the shared secret key to encrypt data before transmission, and the receiver decrypts the data using the same shared secret key. Further, in WEP, payload integrity is provided by a cyclic redundancy check (CRC). The CRC is inherently insecure because it is possible to alter the payload and update the message CRC without knowing the shared secret key. WPA greatly improves the insecurity of WEP by increasing the size of the keys, increasing the number of keys in use, and adding a secure message verification system (i.e., message integrity check). WPA is designed for use with an authentication server, which distributes different keys to each node of a wireless network. WPA can also be used in a less secure pre-shared key (PSK) mode, in which the keys are not exchanged through the network, but configured when the network is set up. In this scheme, data is encrypted with a 128-bit key and a 48-bit initialization vector, and payload integrity is provided using a message authentication code that is considered fully secure.